I tried searching for Best Practices, but only found a few documents. Is there a site for LEM Best Practices, common rules, or implementation suggestions? What do you feel is your best rule? Thanks in advance!!
Is there a list of LEM Best Practices, or Most Common Rules?
Event Log Forwarder doesn't work!
Hi Team.
I'm trying to set up Event Log Forwarder on Windows 2016 to send Event Viewer messages to my syslog-ng (Linux).
The syslog server port (UDP) and IP are configured correctly.
The Event Viewer filter is returning the proper information.
But nothing happens.
Any ideas?
Thanks
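As an added example (not part of the original post, and not SolarWinds or syslog-ng code), here is a small Python check for the "nothing arrives" case. It builds an RFC 3164 style line with the PRI computed the way syslog expects (facility * 8 + severity), sends it over UDP, and includes a loopback test that binds an ephemeral port and receives its own message, so you can confirm the sending path works before blaming the Windows side. Hostnames, the tag name and the message text are constructed for illustration.

```python
import datetime
import socket
import sys

# Facility and severity codes from RFC 3164; PRI = facility * 8 + severity.
FACILITY_USER = 1
SEVERITY_INFORMATIONAL = 6


def build_syslog_message(hostname, tag, text, facility=FACILITY_USER,
                         severity=SEVERITY_INFORMATIONAL, when=None):
    """Return an RFC 3164 style line: <PRI>Mmm dd hh:mm:ss HOST TAG: text."""
    pri = facility * 8 + severity
    when = when or datetime.datetime.now()
    # RFC 3164 pads a single-digit day with a space, not a zero.
    timestamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    return f"<{pri}>{timestamp} {hostname} {tag}: {text}"


def parse_pri(line):
    """Split the leading <PRI> back into (facility, severity)."""
    if not line.startswith("<") or ">" not in line:
        raise ValueError("missing <PRI> prefix")
    pri = int(line[1:line.index(">")])
    return pri // 8, pri % 8


def send_udp(line, host, port):
    """Send one syslog line as a single UDP datagram (no framing, no ack)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        tx.sendto(line.encode("utf-8"), (host, port))


def loopback_check():
    """Bind an ephemeral UDP port on 127.0.0.1, send one message to it and
    return what arrived. Proves the local stack and the message builder work."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2.0)
        _, port = rx.getsockname()
        # Constructed sample message; hostname and tag are illustrative.
        line = build_syslog_message("WIN2016-FS01", "EventLogForwarder",
                                    "Event 4624 logon test")
        send_udp(line, "127.0.0.1", port)
        data, _ = rx.recvfrom(2048)
        return data.decode("utf-8")


if __name__ == "__main__":
    # Usage: python3 syslog_check.py <syslog-ng host> <udp port>
    print("loopback:", loopback_check())
    if len(sys.argv) == 3:
        target, udp_port = sys.argv[1], int(sys.argv[2])
        send_udp(build_syslog_message(socket.gethostname(), "elf-test",
                                      "hello from the forwarder host"),
                 target, udp_port)
        print(f"sent one test line to {target}:{udp_port}")
```

Run it from the Windows box (or any host on the same path) pointed at the syslog-ng IP and port while watching syslog-ng's destination file or a packet capture on the Linux side. If the loopback line prints but nothing reaches syslog-ng, the gap is a host firewall, a network ACL, or a syslog-ng `source` that is not listening on UDP on that port; if the test line does arrive, the forwarder's filter or subscription is the next thing to check.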
Top 6 SANS Essential Categories of Log Reports 2013 in LEM
SANS released an updated list of their critical log categories recently. Some good recommendations especially if you're new to log management.
The 6 Categories of Critical Log Information
How easily can these be achieved using LEM?
Can the LEM team include them in the LEM ready made filters as a new filter group for example?
OT, SANS also had their top 20 critical security controls last year. I think it's a good marketing opportunity for Solarwinds to show how their products can be used to achieve these controls.
LEM Upgrade Time Required
Is there any way to estimate the amount of time a LEM upgrade on a standalone appliance will take? Specifically we're going to upgrade from 6.3.1HF7 to 6.4. I'd like to give my support teams some estimate of downtime. I can reasonably estimate the time it will take for agents (~660) to upgrade, but I'm primarily concerned about how long of an outage the appliance itself will be down.
Collect Raw Logs
Hi,
I have a Synology NAS device for which there is no connector in LEM. But this device is capable of sending logs to any configured syslog server.
I want to know if I can receive the raw logs in LEM, without being normalized by connectors, as there is none, and later query those logs using nDepth etc.?
Please advise.
Managermonitor Warning
Hello,
How do I fix this problem?
- Managermonitor warning! disk usage: the temp filesystem is over 90% full!
Can anyone help me?
Best Regards
LEM to SEM????
I was recently given the task to "upgrade" LEM to SEM 6.7. Does this require creating a new VM, or is it an "update" applied to the existing LEM?
WannaCry Alert
Has anyone created a WannaCry LEM alert? This threat might have subsided due to the kill switch, but I am thinking others are coming.
Based on a few blog posts I have read, I created a rule that looks on our file server for the files below.
@Please_Read_Me@.txt
testonly.wnry
.wcry
.wncry
.wncryt
This is what I have so far, but I was interested in others feedback.
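As an added example (not part of the original post and not LEM rule syntax), here is the same indicator list exercised as detection logic in Python against a few constructed file-server object-access events, the kind of 4663 records a Windows agent would ship to LEM. The CSV layout, account names and paths are constructed for illustration; the indicators are the five items listed above. It goes one step beyond the post's exact-name rule by counting hits per account, so one user writing many marked files stands out from a single ransom-note drop.

```python
import csv
import io
import ntpath
from collections import Counter

# Indicators from the post above: two exact filenames and three extensions.
INDICATOR_FILENAMES = {"@please_read_me@.txt", "testonly.wnry"}
INDICATOR_EXTENSIONS = {".wcry", ".wncry", ".wncryt"}

# Constructed sample of file-server object-access events (not real LEM output).
SAMPLE_EVENTS = r"""EventID,Account,ObjectName,Access
4663,CORP\alice,\\fs01\share\docs\q2-budget.xlsx,WriteData
4663,CORP\alice,\\fs01\share\docs\q2-budget.xlsx.WNCRY,WriteData
4663,CORP\alice,\\fs01\share\docs\staff-list.docx.WNCRYT,WriteData
4663,CORP\alice,\\fs01\share\docs\@Please_Read_Me@.txt,WriteData
4663,CORP\alice,\\fs01\share\docs\contracts.pdf.WNCRY,WriteData
4663,CORP\bob,\\fs01\share\eng\firmware.bin,WriteData
4663,CORP\bob,\\fs01\share\eng\readme.txt,WriteData
4663,CORP\carol,\\fs01\share\hr\payroll.csv.wcry,WriteData
4663,CORP\carol,\\fs01\share\hr\wncry-notes.txt,WriteData
"""


def classify(path):
    """Return the matching indicator for a file path, or None.

    Case-insensitive, and only the last path component and its final
    extension are compared, so 'wncry-notes.txt' is not a hit while
    'payroll.csv.wcry' is.
    """
    name = ntpath.basename(path).lower()
    if name in INDICATOR_FILENAMES:
        return "filename:" + name
    ext = ntpath.splitext(name)[1]
    if ext in INDICATOR_EXTENSIONS:
        return "extension:" + ext
    return None


def detect(events_csv):
    """Run the indicator check over CSV text; return one dict per hit."""
    hits = []
    for row in csv.DictReader(io.StringIO(events_csv)):
        indicator = classify(row["ObjectName"])
        if indicator:
            hits.append({"account": row["Account"],
                         "path": row["ObjectName"],
                         "indicator": indicator})
    return hits


def burst_accounts(hits, threshold=3):
    """Accounts with at least `threshold` hits. A single marked file is
    worth an alert; one account writing many of them is the case that
    justifies an automated response such as disabling the account."""
    counts = Counter(h["account"] for h in hits)
    return sorted(acct for acct, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for h in found:
        print(f"{h['account']:<12} {h['indicator']:<28} {h['path']}")
    print("burst:", burst_accounts(found))
```

Matching on the final extension rather than a substring of the whole path is the detail worth carrying into the LEM rule: a "contains wncry" condition fires on ordinary filenames that mention the malware, while an "ends with .wncry" condition does not.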
LEM with Cisco Firepower / FireSIGHT syslog
Hi,
I have a Cisco Firepower virtual appliance and am trying to see its logs in LEM. I configured syslog as described here: Configure a FireSIGHT System to Send Alerts to an External Syslog Server - Cisco
On the LEM side, I cannot find any logs or information. I tried reconfiguring the connector, without success.
Has anyone installed LEM with Firepower?
More info:
ASA with FP module - connected to the Firepower appliance
Firepower appliance - same VLAN as the ASA and LEM
Regards,
JS
Log Event Manager issue
Please help me: how can I add the node in LEM? I configured the Cisco switch with the following parameters:
logging on
logging host 192.168.2.1
But I am unable to add the node in LEM.
What other configuration is required on the Cisco switch for LEM?
I appreciate your help.
Thanks
AD authentication in LEM
I have been asked to configure LEM to use Active Directory credentials for users to log on with. I have the Directory Service Query tool configured per the documentation, and have added both a directory services user and a directory services group. Ideally, this would all be done via group membership, so I first tried to log on to the web interface using the credentials of an account that was in the previously added group.... I ended up with a failed logon attempt message. After that I tried to log on with just the account that I had added to the appliance, and this fails as well. I need this working very soon! I am supposed to set this up so that when a member of group A logs into LEM, they can only see the nodes that they are responsible for...
Decommissioned Nodes Still showing in SEM Nodes
I have servers that have been removed from the network still populating in my list of Nodes, I have even manually deleted these nodes. What would cause these nodes to reappear?
Connecting SolarWinds to Cisco FirePOWER using eStreamer
We have a Cisco FirePOWER unit that we want to poll information from and place in a dashboard so that it is easy to see what is going on with FirePOWER. I have been looking and haven't found too much information on how to connect these two applications, but one thing that seems like it would work would be to connect using eStreamer. Does anyone know if this is an option or not, and if so, how to implement it? If it's not an option, is there any other way to display FirePOWER information in SolarWinds?
Thanks in advance!
nDepth search for specific IP address
I had some odd traffic going from one of my computers to an external IP address and I'm trying to glean more information about what was going on. I'm trying to use nDepth to search for the external address using the condition "IP Address = the_IP_I'm_looking_for" but nothing is being found. I'm not sure what I'm doing wrong. I've browsed the forum for similar queries but am still not getting any results.
Post MSSQL (2016) Profiler deprecation
In the cited MSDN article Microsoft discusses the deprecation of the Profiler tool for MSSQL, has anyone been planning for this yet or have any ideas how to get ahead of getting certain auditable events from MSSQL into the LEM post Profiler? We don't want to pull every MSSQL event into the LEM from all of our SQL boxes, just some select events.
I have a question out to our MS TAM to see what answers I can get there, I'll share what I can when I get it.
https://msdn.microsoft.com/en-us/library/ms181091.aspx
Updated: October 24, 2016
SQL Server Profiler is an interface to create and manage traces and analyze and replay trace results. Events are saved in a trace file that can later be analyzed or used to replay a specific series of steps when trying to diagnose a problem.
IMPORTANT!!
We are announcing the deprecation of SQL Server Profiler for Database Engine Trace Capture and Trace Replay. These features are available in SQL Server 2016 but will be removed in a later version.
Forwarding raw logs to QRadar
We are attempting to forward logs from LEM to QRadar because of bandwidth concerns. Previously, we used IBM's WinCollect agent to send them directly to the QRadar collectors. However, the subsidiary that we support is asking if they can forward their logs going to LEM to QRadar directly to save on some bandwidth. We have setup log forwarding but it appears as though LEM is normalizing and adding foreign fields to the syslog instead of forwarding the Windows Security and Events log direct without normalization.
Is there an easy way to do this without redeveloping one or both solutions?
Still no support for MSSQL Auditor running on MSSQL Server 2017?
As there seems to be little update on progress for MSSQL Auditor support for SQL 2017, I want to ask if we can expect any approximate timeline of when this will happen?
Even on ticket support, I am left in the dark over this, with no timeframe available.
It's frustrating to not have support for a widely adopted SQL Server version, which has been around for ~2.5 years (since Oct 2, 2016).
Has anyone managed to make this work (maybe with a workaround)?
If not, what is the alternative way you use to check MSSQL 2017 logs ?
jhynds can you expand on your hint from this thread >
Nodes have the agent installed, but no nodes are showing.
I have a trial version of SEM installed as a test. The Windows installer installs OK, the server is configured and can ping IP addresses, but the nodes aren't showing in the GUI.
I've left it around 45 minutes for the nodes to communicate with the server, but they're not there. Do I have to do anything else, such as a reboot?
Linux Agent Log File Location?
I don't currently have a system to test on but need to help out a customer, can somebody point me to where the log file is for a system running the Linux Agent? I am having some issues and wanted to check the Log to see if there were any details there.